// Licensed to Elasticsearch B.V. under one or more contributor
// license agreements. See the NOTICE file distributed with
// this work for additional information regarding copyright
// ownership. Elasticsearch B.V. licenses this file to you under
// the Apache License, Version 2.0 (the "License"); you may
// not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing,
// software distributed under the License is distributed on an
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
// KIND, either express or implied.  See the License for the
// specific language governing permissions and limitations
// under the License.

package authorization

import (
	"crypto/subtle"
)

type bearerBuilder struct {
	required string
}

type bearerAuth struct {
	authorized bool
	configured bool
}

func (b bearerBuilder) forToken(token string) *bearerAuth {
	if b.required == "" {
		return &bearerAuth{authorized: true, configured: false}
	}
	return &bearerAuth{
		authorized: subtle.ConstantTimeCompare([]byte(b.required), []byte(token)) == 1,
		configured: true}
}

func (b *bearerAuth) AuthorizedFor(_ string) (bool, error) {
	return b.authorized, nil
}

// IsAuthorizationConfigured will return true if a non-empty token is required.
func (b bearerAuth) IsAuthorizationConfigured() bool {
	return b.configured
}
